Commit graph

732 commits

Author SHA1 Message Date
David Drysdale
475bb11af0 Merge "Re-order skip checks for attestation tests" 2023-03-10 07:11:56 +00:00
Tri Vo
1be04ec2d2 Merge "Update challenge size check" 2023-03-09 22:47:12 +00:00
Tri Vo
2fcd4b6bc3 Update challenge size check
aosp/2480181 changed minimum challenge size to 16.

Bug: 272392463
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I420f230651192e8fd67aab2ceff916a9c8b6db92
2023-03-09 13:23:09 -08:00
Seth Moore
ceeb357048 Merge "Fix minimum size description of challenge" 2023-03-09 20:58:22 +00:00
Seth Moore
3182cc00a3 Fix minimum size description of challenge
The server-provided challenge is almost always smaller than 32 bytes,
so we cannot enforce that as a minimum. I fixed up the CDDL a while
back, but missed one mention of the 32 byte minimum in the description.

Test: n/a (it's a comment)
Bug: 272392463
Change-Id: Ia5994e2b7cf107ab131c6b028bee7881d0e657ac
2023-03-09 12:54:08 -08:00
David Drysdale
5b94874691 Re-order skip checks for attestation tests
Put the test arm that just involves checking a property
first, so that tests which involve a round trip to the Package
Manager are only executed when they're needed.

Test: VtsAidlKeyMintTargetTest
Bug: 271026714
Change-Id: I4caad6243a3b9d511a32717fd95f58864b857eeb
2023-03-09 11:03:10 +00:00
David Drysdale
4cbe215e34 Allow for 32-bit VTS builds
In 32-bit builds a `long` may be 32 bits, but the `long` values on an
AIDL interface are 64 bits.  Therefore need to use `int64_t` for the
corresponding C++ type, not `long`.

Bug: 271056044
Test: VtsAidlKeyMintTargetTest --gtest_filter="*AuthTest*" (32-b)
Change-Id: I19f5a1d825dfcc45087534bbd4239a13cdfec3f7
2023-03-07 14:47:11 +00:00
Yi Kong
bd5d365d82 Fix return-stack-address warning
hardware/interfaces/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp:79:26: error: reference to stack memory associated with local variable 'message' returned [-Werror,-Wreturn-stack-address]
return std::move(message);
^~~~~~~

Test: presubmit
Change-Id: I4298b4a25ccb809a7ae180bb218e673a7f1aa623
2023-03-01 16:19:43 +09:00
Alice Wang
6fdd6b000b Merge "[dice] Remove unused service android.hardware.security.dice" 2023-02-28 08:22:40 +00:00
Treehugger Robot
657934eebb Merge "Update KeyMint VTS tests to use pre-defined API level symbols" 2023-02-27 11:19:50 +00:00
Tri Vo
20bb427427 Merge "Add test for IRPC DeviceInfo" 2023-02-24 18:02:14 +00:00
Alice Wang
acc1a5bd38 [dice] Remove unused service android.hardware.security.dice
This cl removes the unused service android.hardware.security.dice
together with all its usages (all of them are tests), because the
service is incomplete and not used anywhere for now and in the
near future.

The cl also removes dice from the compat matrix.

This helps us reduce some maintainance burden for the Rust dice
wrapper libraries such as libdiced_open_dice[_nostd],
libdiced_sample_inputs, libdiced_utils and their tests.

Test: atest diced_utils_test diced_sample_inputs_test \
diced_open_dice_cbor_test \
libdiced_open_dice_nostd.integration_test \
libdiced_open_dice.integration_test diced_open_dice_cbor_test
Test: m pvmfw_img microdroid_manager
Bug: 267575445
Bug: 270511529

Change-Id: I3d2497d2e8d3f88c49cae9ae80a6b4f7b652cc4a
2023-02-24 09:03:11 +00:00
Tri Vo
ec50ee162a Add test for IRPC DeviceInfo
Bug: 243148852
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: If873996f0d756662808d785d2ef57118737a5aab
2023-02-23 20:01:31 -08:00
Treehugger Robot
53faa27ace Merge "Correct AttestKey test that checks Qualcomm's SPU waiver." 2023-02-23 20:43:12 +00:00
David Drysdale
e85498a968 Merge "Add Gatekeeper-based auth tests" 2023-02-23 11:44:43 +00:00
Shawn Willden
1a545db363 Update KeyMint VTS tests to use pre-defined API level symbols
Test: VtsKeyMintAidlTargetTest
Change-Id: I11ccd0c4959a2b3504009fdd95f4a313a5d6d5f6
2023-02-22 16:06:19 -07:00
Shawn Willden
3a4a3a95b8 Correct AttestKey test that checks Qualcomm's SPU waiver.
The test exempted KeyMint on the affected chips from having to implement
ATTEST_KEY if they have StrongBox in all Android releases from Android S
onwards, but the waiver was given only for Android S and T.  This CL
changes the test to reinstate the requirement after Android T.

Test: VtsAidlKeyMintTargetTest
Change-Id: I8481ae31de34aae220af7e7188632edcc2d391f0
2023-02-22 16:06:19 -07:00
David Drysdale
28fa931f00 Add Gatekeeper-based auth tests
Add tests that directly exercise Gatekeeper to get auth tokens for use
with auth-bound keys.

Test: VtsAidlKeyMintTargetTest
Change-Id: Ie668674d81ca487e8bbc18fdd9f36610bcab4c8c
2023-02-22 07:14:25 +00:00
Treehugger Robot
efd4cf71e5 Merge "Enforce boot and vendor patch level format always" 2023-02-21 18:36:50 +00:00
Rajesh Nyamagoud
5283f81f64 Adding a test using second IMEI as attestation ids.
1. Using second IMEI as attestation id without using first IMEI.
       Test should generate a key using second IMEI as attestation id
       without using first IMEI as attestation id. Test should validate
       second IMEI in attesation record.

    2. Using first IMEI as well as second IMEI as attestation ids.
       Test should generate a key using first IMEI and second IMEI as
       attestation ids. Test should validate first IMEI and second IMEI
       in attestation record.

Test: atest -c VtsAidlKeyMintTargetTest
Bug: 263197083, 264979486
Change-Id: I61c3f32e15a8d478a838d14e7db9917a33682267
2023-02-20 20:40:12 +00:00
Tri Vo
b21e6df7c2 Enforce boot and vendor patch level format always
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I80bc96a6aee62474b33b015b6d04de7527fe757c
2023-02-17 14:55:51 -08:00
Treehugger Robot
249640be0a Merge "[dice] Adapt dice service and tests to the new DiceArtifacts trait" 2023-02-17 15:54:04 +00:00
Tommy Chiu
7cabdc10db Fix test assumption for KeyMint+RKP integration
According to the API Level definition (https://developer.android.com/guide/topics/manifest/uses-sdk-element#ApiLevels), both 31 and 32 are belong to Android-12 (S).

Bug: 263844771
Change-Id: I92e3f9015607ad9421c02442033e9b586ae07bcb
Test: VtsAidlKeyMintTargetTest #EcdsaWithRkpAttestation
2023-02-16 09:39:25 +00:00
Alice Wang
e585065a4d [dice] Adapt dice service and tests to the new DiceArtifacts trait
The code needed to be adpated because the public fields the code
accessed previously now become private. We need to access them
via the trait now.

This cl also deletes unused dependence libdiced_open_dice_cbor in
the dice service and tests targets.

Bug: 267575445
Test: m android.hardware.security.dice-service.non-secure-software
Test: atest VtsAidlDiceTargetTest VtsAidlDiceDemoteTargetTest
Change-Id: I16e18226c0bce8a90ed764ba598e90e7c1c854ab
2023-02-15 16:34:50 +00:00
David Drysdale
bf0ae8a0f0 Merge "RKP spec: fix public key info description" 2023-02-13 16:37:49 +00:00
David Drysdale
cdf8ed3f6f RKP spec: fix public key info description
The PartyInfo for a P-256 public key is encoded as (x||y) not
(0x04||x||y).

Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Iae5dc624228d4e1e538e230968443925ec8b55fc
2023-02-13 12:07:17 +00:00
Steven Moreland
6410234d7c Merge "rkp: add keymint v1 hash into rkp v1" 2023-02-11 01:27:43 +00:00
Steven Moreland
5419c2dbe5 rkp: add keymint v1 hash into rkp v1
When we split the rkp interface, we only added one hash to rkp v1, but
on Android S devices, this interface was in keymint v1, and so it used
the keymint v1 hash.

In order for that old implementation to be recognized, we need to add the keymint v1 hash into rkp v1.

The hash added here is copied from this file:
hardware/interfaces/security/keymint/aidl/aidl_api/android.hardware.security.keymint/1/.hash

Bug: 264549860
Change-Id: I3fce46b3e9bd09d79fa8e2f203b4eb9ebb517c15
Test: vts_treble_vintf_vendor_test
2023-02-10 22:44:28 +00:00
Alice Wang
f29985ae57 Merge "[dice] Adjust the output type of make_sample_bcc_and_cdis()" 2023-02-09 15:59:16 +00:00
Alice Wang
cfb4e92217 [dice] Adjust the output type of make_sample_bcc_and_cdis()
This is part of the project of merging the two existing dice
wrapper libraries into the library libdiced_open_dice to
improve maintainability.

Bug: 267575445
Test: m android.hardware.security.dice-service.non-secure-software
Test: atest VtsAidlDiceTargetTest VtsAidlDiceDemoteTargetTest
Change-Id: If9ee66a320775897342f53d58ee11405a8e70c6f
2023-02-08 21:08:28 +00:00
Tommy Chiu
6e5736bdb8 VTS: Replace deprecated 'getService' by 'waitForService'
Bug: None
Test: Built
Change-Id: I6902612ba9c4422a071c342dde4682dc96b20a6c
2023-02-08 10:28:45 +08:00
Treehugger Robot
ec32540a84 Merge "Fix AttestKeyTest failures in KeyMint VTS" into android13-tests-dev am: c3702f8e5b
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2406652

Change-Id: I2a19d5e784b2eabfffb63c3c1ceb7fed09682dcd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-06 17:45:19 +00:00
Alice Wang
6331fd4d5a Merge "[dice] Pass InputValues to dice::execute_steps without conversion" 2023-02-02 19:57:38 +00:00
Alice Wang
c4a9ba8bd3 [dice] Pass InputValues to dice::execute_steps without conversion
Test: atest VtsAidlDiceTargetTest VtsAidlDiceDemoteTargetTest
Bug: 267575445
Change-Id: I14819bb8e1af10a2de4539077491de3fb7df9a83
2023-02-02 16:35:45 +00:00
Treehugger Robot
2831fa2bf2 Merge "Updated the digest to SHA_2_256 in key upgrade tests." 2023-02-02 16:21:13 +00:00
David Drysdale
44671d923a Merge "Skip curve25519 upgrade tests on KeyMint v1" 2023-02-01 12:44:34 +00:00
David Drysdale
9ea96ddd9d Skip curve25519 upgrade tests on KeyMint v1
Bug: 266010760
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib65e8209477251cce15161b2502c893f9983da42
2023-02-01 07:44:43 +00:00
Benjamin Grimberg
981c9c2236 Fix AttestKeyTest failures in KeyMint VTS
Skip attestation key tests if the feature
FEATURE_KEYSTORE_APP_ATTEST_KEY is disabled on device,
as done in KeyMint CTS.

Bug: 244460948
Bug: 265740739

Test: VtsAidlKeyMintTargetTest
Change-Id: I8199e5c7570b10b71f127c7439b889c0b3327865
2023-01-31 08:12:27 -07:00
David Drysdale
b7d44a2eef Add check_feature helper
Test: VtsAidlKeyMintTargetTest
Change-Id: I4a5b2a41172c15ae29efb5b177eb86cea5527b4e
Merged-In: I4a5b2a41172c15ae29efb5b177eb86cea5527b4e
(cherry picked from commit 3d2ba0a137)
2023-01-31 08:11:33 -07:00
Eran Messeri
cd46e02439 Merge "Keystore: Attestation fix in AOSP builds" 2023-01-31 13:43:55 +00:00
David Drysdale
28b953032e RKPv2 spec clarifications
- Rename keysToCertify to keysToSign to match param name in a few
  places.
- Make clearer that P-256 is allowed in EEK.
- Make clearer that EEK curve should match that specified in
  RpcHardwareInfo.supportedEekCurve.
- Add note about AAD for AES-GCM encryption.
- Add note about format of public key data in KDF context.

Test: None, comments only
Change-Id: Ie775a453b4d3941b7d24396da66681ab91978d81
2023-01-26 06:31:02 +00:00
Eran Messeri
506089a8e9 Merge "Extending AttestKeyTest#EcdsaAttestationID test to use IMEI as attestation id." 2023-01-24 16:48:26 +00:00
David Drysdale
8c526e4d3e Merge "Add missing endquote and newline" 2023-01-24 16:30:59 +00:00
David Drysdale
9c99dc9a39 Add missing endquote and newline
Test: tsAidlKeyMintTargetTest --gtest_filter="*KeyBlobUpgradeTest*After*default"  --keyblob_dir /data/local/tmp/keymint-blobs
Change-Id: I6f1d2778637cf4603e1ab896d63df936fbf82a38
2023-01-24 12:21:21 +00:00
Andrew Scull
9132147d0a Merge "Allow P-384 and SHA-384 in RKP v3" 2023-01-20 20:49:14 +00:00
Rajesh Nyamagoud
eb644cfcbe Extending AttestKeyTest#EcdsaAttestationID test to use IMEI as
attestation id.

Get IMEI value from Telephony Service and use it as attestation id.

Bug: 261847629
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I0212def48d761a45f514161e5576a954bf388c56
2023-01-20 20:32:05 +00:00
Andrew Scull
5bdc9f92bb Allow P-384 and SHA-384 in RKP v3
Following requests from partners, document P-384 and SHA-384 as
officially supported signing algorithms and hash functions in the DICE
chain.

Bug: 265455904
Test: n/a -- documentation-only change
Change-Id: Id7b5eaf81be17fda9278dc7ad5f2b441931c6b83
2023-01-19 14:18:12 +00:00
Treehugger Robot
ed2054123f Merge "Check for failures in base SetUp()" 2023-01-19 10:39:57 +00:00
Treehugger Robot
fa44e8e809 Merge "Add owners for the security HALs" 2023-01-19 10:20:42 +00:00
Treehugger Robot
2524ba06a2 Merge "Adjust for library rename" 2023-01-18 21:54:46 +00:00